feat(profile): minor profile improvments.

apparmor.d/groups/systemd/systemd-inhibit

@@ -14,6 +14,8 @@ profile systemd-inhibit @{exec_path} flags=(attach_disconnected) {
   capability net_admin,
   capability sys_resource,
 
+  signal receive set=term peer=packagekitd,
+
   @{exec_path} mr,
 
   @{bin}/cat rix,

apparmor.d/groups/systemd/systemd-network-generator

@@ -17,6 +17,8 @@ profile systemd-network-generator @{exec_path} {
 
   owner @{run}/systemd/network/{,**} rw,
 
+  @{run}/credentials/systemd-network-generator.service/ r,
+
   include if exists <local/systemd-network-generator>
 }
 

apparmor.d/groups/virt/dockerd

@@ -89,7 +89,7 @@ profile dockerd @{exec_path} flags=(attach_disconnected) {
 
   owner @{lib}/containerd/** w,
   owner @{lib}/docker/overlay2/*/work/{,**} rw,
-  owner /var/lib/containerd/** w,
+  owner /var/lib/containerd/** rw,
   owner /var/lib/docker/{,**} rwk,
   owner /var/lib/docker/tmp/qemu-check@{int}/check rix,
 

apparmor.d/profiles-a-f/alsactl

@@ -22,6 +22,9 @@ profile alsactl @{exec_path} {
         @{run}/lock/card@{int}.lock rwk,
   owner @{run}/alsa/{,**} rw,
 
+  @{sys}/devices/@{pci}/subsystem_device r,
+  @{sys}/devices/@{pci}/subsystem_vendor r,
+
   include if exists <local/alsactl>
 }
 

apparmor.d/profiles-m-r/mission-control

@@ -23,6 +23,7 @@ profile mission-control @{exec_path} flags=(attach_disconnected)  {
   owner @{user_share_dirs}/telepathy/mission-control/*.cfg* rw,
 
   owner @{user_config_dirs}/libaccounts-glib/accounts.db{,-shm,-wal} rwk,
+  owner @{user_cache_dirs}/.mc_connections rw,
 
   @{run}/systemd/inhibit/@{int}.ref rw,
 

apparmor.d/profiles-m-r/packagekitd

@@ -36,6 +36,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) {
   network netlink raw,
 
   signal send set=int peer=apt-methods-*,
+  signal send set=term peer=systemd-inhibit,
 
   #aa:dbus own bus=system name=org.freedesktop.PackageKit